{"result": {"cve": [{"id": "CVE-2003-0487", "type": "cve", "title": "CVE-2003-0487", "description": "Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.", "published": "2003-08-07T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0487", "cvelist": ["CVE-2003-0487"], "lastseen": "2017-07-11T11:14:17"}], "exploitdb": [{"id": "EDB-ID:46", "type": "exploitdb", "title": "Kerio MailServer 5.6.3 - Remote Buffer Overflow Exploit", "description": "Kerio MailServer 5.6.3 Remote Buffer Overflow Exploit. CVE-2003-0487. Remote exploit for linux platform", "published": "2003-06-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/46/", "cvelist": ["CVE-2003-0487"], "lastseen": "2016-01-31T11:36:15"}, {"id": "EDB-ID:22800", "type": "exploitdb", "title": "Kerio Mailserver 5.6.3 subscribe Module Overflow", "description": "Kerio Mailserver 5.6.3 subscribe Module Overflow. CVE-2003-0487. Dos exploit for linux platform", "published": "2003-06-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/22800/", "cvelist": ["CVE-2003-0487"], "lastseen": "2016-02-02T19:34:15"}, {"id": "EDB-ID:22803", "type": "exploitdb", "title": "Kerio Mailserver 5.6.3 do_map Module Overflow", "description": "Kerio Mailserver 5.6.3 do_map Module Overflow. CVE-2003-0487 . Dos exploit for linux platform", "published": "2003-06-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/22803/", "cvelist": ["CVE-2003-0487"], "lastseen": "2016-02-02T19:34:45"}, {"id": "EDB-ID:22802", "type": "exploitdb", "title": "Kerio Mailserver 5.6.3 list Module Overflow", "description": "Kerio Mailserver 5.6.3 list Module Overflow. CVE-2003-0487. Dos exploit for linux platform", "published": "2003-06-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/22802/", "cvelist": ["CVE-2003-0487"], "lastseen": "2016-02-02T19:34:35"}], "osvdb": [{"id": "OSVDB:4956", "type": "osvdb", "title": "Kerio MailServer add_acl Module Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Kerio MailServer. The integrated web server fails to validate user input to the \"folder\" variable in the \"add_acl\" module resulting in a buffer overflow in several variables. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.\n## Technical Description\nIf an attacker sets the folder as \"~adminlocalhost/INBOX\" and clicks it, the mail server will stop with an access violation. The add_acl module \"add_name\" variable is also vulnerable to an overflow when provided an overly long name.\n\nAn attacker must have an account in the webmail system to exploit the buffer overflow, or build a specially crafted URL and trick a registered user with open session into clicking the link.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA remote overflow exists in Kerio MailServer. The integrated web server fails to validate user input to the \"folder\" variable in the \"add_acl\" module resulting in a buffer overflow in several variables. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/add_acl?folder=~[Ax200+]localhost/INBOX&add_name=lucas\n## References:\nVendor URL: http://www.kerio.com/us/kms_home.html\n[Related OSVDB ID: 2159](https://vulners.com/osvdb/OSVDB:2159)\n[Related OSVDB ID: 4954](https://vulners.com/osvdb/OSVDB:4954)\n[Related OSVDB ID: 4953](https://vulners.com/osvdb/OSVDB:4953)\n[Related OSVDB ID: 4955](https://vulners.com/osvdb/OSVDB:4955)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0146.html\nISS X-Force ID: 12368\n[CVE-2003-0487](https://vulners.com/cve/CVE-2003-0487)\nBugtraq ID: 7967\n", "published": "2003-06-18T14:58:51", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:4956", "cvelist": ["CVE-2003-0487"], "lastseen": "2017-04-28T13:19:59"}, {"id": "OSVDB:4954", "type": "osvdb", "title": "Kerio MailServer list Module Overflow", "description": "## Vulnerability Description\nA remote overflow exists in kerio MailServer. The integrated web server fails to limit input to the \"folder\" variable of the \"list\" module resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.\n## Technical Description\nAn attacker must have an account in the webmail system to exploit the buffer overflow, or build a specially crafted URL and trick a registered user with open session into clicking the link.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA remote overflow exists in kerio MailServer. The integrated web server fails to limit input to the \"folder\" variable of the \"list\" module resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/list?folder=~[Ax200+]localhost/INBOX\n## References:\nVendor URL: http://www.kerio.com/us/kms_home.html\n[Related OSVDB ID: 2159](https://vulners.com/osvdb/OSVDB:2159)\n[Related OSVDB ID: 4953](https://vulners.com/osvdb/OSVDB:4953)\n[Related OSVDB ID: 4955](https://vulners.com/osvdb/OSVDB:4955)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0146.html\nISS X-Force ID: 12368\n[CVE-2003-0487](https://vulners.com/cve/CVE-2003-0487)\nBugtraq ID: 7967\n", "published": "2003-06-18T14:58:51", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:4954", "cvelist": ["CVE-2003-0487"], "lastseen": "2017-04-28T13:19:59"}, {"id": "OSVDB:4958", "type": "osvdb", "title": "Kerio MailServer do_map Module Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Kerio MailServer. The integrated web server fails to validate user input to the \"user\" variable of the \"do_map\" module resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.\n## Technical Description\nAn attacker must have an account in the webmail system to exploit the buffer overflow, or build a specially crafted URL and trick a registered user with open session into clicking the link.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA remote overflow exists in Kerio MailServer. The integrated web server fails to validate user input to the \"user\" variable of the \"do_map\" module resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/do_map?action=new&oldalias=eso&alias=aaa&folder=public&user=[Ax200+]\n## References:\nVendor URL: http://www.kerio.com/us/kms_home.html\n[Related OSVDB ID: 2159](https://vulners.com/osvdb/OSVDB:2159)\n[Related OSVDB ID: 4953](https://vulners.com/osvdb/OSVDB:4953)\n[Related OSVDB ID: 4954](https://vulners.com/osvdb/OSVDB:4954)\n[Related OSVDB ID: 4955](https://vulners.com/osvdb/OSVDB:4955)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0146.html\nISS X-Force ID: 12368\n[CVE-2003-0487](https://vulners.com/cve/CVE-2003-0487)\nBugtraq ID: 7967\n", "published": "2003-06-18T14:58:51", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:4958", "cvelist": ["CVE-2003-0487"], "lastseen": "2017-04-28T13:19:59"}, {"id": "OSVDB:2159", "type": "osvdb", "title": "Kerio MailServer do_subscribe Module Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Kerio MailServer. The integrated web server fails to limit input to the \"showuser\" variable of the \"do_dubscribe\" module resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.\n## Technical Description\nAn attacker must have an account in the webmail system to exploit the buffer overflow, or build a specially crafted URL and trick a registered user with open session into clicking the link.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA remote overflow exists in Kerio MailServer. The integrated web server fails to limit input to the \"showuser\" variable of the \"do_dubscribe\" module resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[victim]/do_subscribe?showuser=[Ax200+]\n## References:\nVendor URL: http://www.kerio.com/us/kms_home.html\n[Related OSVDB ID: 4953](https://vulners.com/osvdb/OSVDB:4953)\n[Related OSVDB ID: 4954](https://vulners.com/osvdb/OSVDB:4954)\n[Related OSVDB ID: 4955](https://vulners.com/osvdb/OSVDB:4955)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0146.html\nISS X-Force ID: 12368\n[CVE-2003-0487](https://vulners.com/cve/CVE-2003-0487)\nBugtraq ID: 7967\n", "published": "2003-06-18T14:58:51", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:2159", "cvelist": ["CVE-2003-0487"], "lastseen": "2017-04-28T13:19:57"}], "seebug": [{"id": "SSV-62735", "type": "seebug", "title": "Kerio MailServer 5.6.3 - Remote Buffer Overflow Exploit", "description": "Summary: \n \nKerio MailServer services program supports IMAP, POP3, Smtp and SSL protocols, and includes a WEBMAIL.< br/>Kerio MailServer WEBMAIL in the process user name when a lack of the right boundary of the buffer zone to check, the remote attacker can use this vulnerability may be in the Kerio MailServer process permissions on the system to execute arbitrary commands.< br/>multiple scripts in the processing super-long username when no buffer checks, these script includes: \ndo_subscribe, the add_acl, list, and do_map it.< br/>in the user name field to submit an overly long string, can trigger a buffer overflow, a carefully constructed data submission may be in the Kerio MailServer process permissions on the system to execute arbitrary commands.< br/>\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-62735", "cvelist": ["CVE-2003-0487"], "lastseen": "2016-07-26T17:52:57"}, {"id": "SSV-76594", "type": "seebug", "title": "Kerio Mailserver 5.6.3 subscribe Module Overflow", "description": "Summary: \n \nKerio MailServer services program supports IMAP, POP3, Smtp and SSL protocols, and includes a WEBMAIL.< br/>Kerio MailServer WEBMAIL in the process user name when a lack of the right boundary of the buffer zone to check, the remote attacker can use this vulnerability may be in the Kerio MailServer process permissions on the system to execute arbitrary commands.< br/>multiple scripts in the processing super-long username when no buffer checks, these script includes: \ndo_subscribe, the add_acl, list, and do_map it.< br/>in the user name field to submit an overly long string, can trigger a buffer overflow, a carefully constructed data submission may be in the Kerio MailServer process permissions on the system to execute arbitrary commands.< br/>\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-76594", "cvelist": ["CVE-2003-0487"], "lastseen": "2016-07-27T09:07:46"}, {"id": "SSV-76595", "type": "seebug", "title": "Kerio Mailserver 5.6.3 add_acl Module Overflow", "description": "Summary: \n \nKerio MailServer services program supports IMAP, POP3, Smtp and SSL protocols, and includes a WEBMAIL.< br/>Kerio MailServer WEBMAIL in the process user name when a lack of the right boundary of the buffer zone to check, the remote attacker can use this vulnerability may be in the Kerio MailServer process permissions on the system to execute arbitrary commands.< br/>multiple scripts in the processing super-long username when no buffer checks, these script includes: \ndo_subscribe, the add_acl, list, and do_map it.< br/>in the user name field to submit an overly long string, can trigger a buffer overflow, a carefully constructed data submission may be in the Kerio MailServer process permissions on the system to execute arbitrary commands.< br/>\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-76595", "cvelist": ["CVE-2003-0487"], "lastseen": "2016-07-27T09:40:48"}, {"id": "SSV-76596", "type": "seebug", "title": "Kerio Mailserver 5.6.3 list Module Overflow", "description": "Summary: \n \nKerio MailServer services program supports IMAP, POP3, Smtp and SSL protocols, and includes a WEBMAIL.< br/>Kerio MailServer WEBMAIL in the process user name when a lack of the right boundary of the buffer zone to check, the remote attacker can use this vulnerability may be in the Kerio MailServer process permissions on the system to execute arbitrary commands.< br/>multiple scripts in the processing super-long username when no buffer checks, these script includes: \ndo_subscribe, the add_acl, list, and do_map it.< br/>in the user name field to submit an overly long string, can trigger a buffer overflow, a carefully constructed data submission may be in the Kerio MailServer process permissions on the system to execute arbitrary commands.< br/>\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-76596", "cvelist": ["CVE-2003-0487"], "lastseen": "2016-07-27T10:06:10"}], "nessus": [{"id": "KERIO_WEBMAIL_MULTIPLE_FLAWS.NASL", "type": "nessus", "title": "Kerio WebMail < 5.7.7 Multiple Vulnerabilities", "description": "The remote host is running version 5 of the Kerio MailServer.\n\nThere are multiple flaws in this interface that could allow an attacker with a valid webmail account on this host to obtain a shell on this host or to perform a cross-site-scripting attack against this host with a version prior to 5.6.4.\n\nVersions of MailServer prior to 5.6.5 are also prone to a denial of service condition when an incorrect login to the admin console occurs. This could cause the server to crash.\n\nVersions of MailServer prior to 5.7.7 are prone to a remotely exploitable buffer overrun condition. This vulnerability exists in the spam filter component. If successfully exploited, this could permit remote attackers to execute arbitrary code in the context of the MailServer software. This could also cause a denial of service in the server.\n\n*** This might be a false positive, as Nessus did not have\n*** the proper credentials to determine if the remote Kerio\n*** is affected by this flaw.", "published": "2003-06-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=11763", "cvelist": ["CVE-2002-1434", "CVE-2003-0487", "CVE-2003-0488"], "lastseen": "2017-08-16T03:11:29"}], "openvas": [{"id": "OPENVAS:80069", "type": "openvas", "title": "Kerio WebMail v5 multiple flaws", "description": "The remote host is running version 5 of the Kerio MailServer.\n\nThere are multiple flaws in this interface which may allow\nan attacker with a valid webmail account on this host \nto obtain a shell on this host or to perform\na cross-site-scripting attack against this host\nwith version prior to 5.6.4.\n\nVersion of MailServer prior to 5.6.5 are also prone to a \nenial of service condition when an incorrect login to the\nadmin console occurs. This could cause the server to crash.\n\nVersion of MailServer prior to 5.7.7 is prone to a remotely \nexploitable buffer overrun condition.\nThis vulnerability exists in the spam filter component. \nIf successfully exploited, this could permit remote attackers \nto execute arbitrary code in the context of the MailServer software. \nThis could also cause a denial of service in the server.\n\n\n*** This might be a false positive, as OpenVAS did not have\n*** the proper credentials to determine if the remote Kerio\n*** is affected by this flaw.", "published": "2008-10-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=80069", "cvelist": ["CVE-2002-1434", "CVE-2003-0487", "CVE-2003-0488"], "lastseen": "2017-07-02T21:10:14"}]}}